CVE-2025-14081
Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
17 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the `required_perm` check is applied during rendering. This makes it possible for authenticated attackers with Subscriber-level access to modify their profile privacy settings (e.g., setting profile to "Only me") via direct parameter manipulation, even when the administrator has explicitly disabled the option for their role.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Productos afectados
ultimatemember · Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-account.php#L610https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/um-actions-account.php#L322https://plugins.trac.wordpress.org/changeset/3421362/https://www.wordfence.com/threat-intel/vulnerabilities/id/aad57a68-c385-491f-a5a2-32906df4b52b?source=cve